bug in gflSaveBitmapIntoMemory() (tiff only?)

[stolarz]

Code: Select all

unsigned char* data;
unsigned long length;
gflSaveBitmapIntoMemory(&data, &length, ...

I don't know if it's only for tiff but with tiff and lzw 'length' is bigger than the actual allocated block of memory. therefore

Code: Select all

unsigned char * new_block = malloc(length);
for (int i=0; i<length; i++) new_block[i] = data[i];

causes my proggy to crash. I wrote a simple test program that loaded a picture (a big one, 2304 x 1728) and saved to memory and also saved to disk. saved picture's disk size was 11106543 bytes and picture in mem had 11120367 bytes.
i temporarily solved this with

Code: Select all

data = gflMemoryRealloc(data, length);

and copying the data to new location does'n crash anymore.

kRyszard

BTW: why is that the controls on this page are sometimes in english and sometimes in french? they were even in russian once!

[XnTriq]

BTW: why is that the controls on this page are sometimes in english and sometimes in french? they were even in russian once!

[Bug] Forum language (DFLS)

[stolarz]

yeah, and what if length is less than the size of allocated memory? gflRealloc will crop my data

[xnview]

Code: Select all

unsigned char* data;
unsigned long length;
gflSaveBitmapIntoMemory(&data, &length, ...

I don't know if it's only for tiff but with tiff and lzw 'length' is bigger than the actual allocated block of memory. therefore

Code: Select all

unsigned char * new_block = malloc(length);
for (int i=0; i<length; i++) new_block[i] = data[i];

causes my proggy to crash. I wrote a simple test program that loaded a picture (a big one, 2304 x 1728) and saved to memory and also saved to disk. saved picture's disk size was 11106543 bytes and picture in mem had 11120367 bytes.
i temporarily solved this with

Code: Select all

data = gflMemoryRealloc(data, length);

and copying the data to new location does'n crash anymore.

Could you send me your test program?

[stolarz]

Could you send me your test program?

emm.... d'you mean the source? or the executable?
here's the source:

Code: Select all

#include <stdio>
#include "libgfl.h"

void main() {
	printf("hello\n");
	GFL_ERROR init = gflLibraryInit();
	if (GFL_NO_ERROR != init) {
    	printf("error: %d\n", init);
    	return;
	}
	printf("init ok\n");

	gflEnableLZW(GFL_TRUE);

	printf("version: %s\n", gflGetVersion());
	printf("version of libformat: %s\n", gflGetVersionOfLibformat());

	GFL_ERROR e1;

	int tiff = gflGetFormatIndexByName("tiff");
	printf("format index: %d\n", tiff);

	// load picture
	GFL_BITMAP *thebitmap = NULL;
	GFL_LOAD_PARAMS lp1;
	gflGetDefaultLoadParams(&lp1);
	lp1.FormatIndex = -1;
	e1 = gflLoadBitmap("DSC04034.jpg", &thebitmap, &lp1, NULL);
	if (GFL_NO_ERROR != e1) {
    	printf("error: %d\n", e1);
	} else {

		GFL_SAVE_PARAMS sp1;


		// save to disk
		printf("saving to file\n");
		gflGetDefaultSaveParams(&sp1);
		sp1.FormatIndex = tiff;
		sp1.Compression = GFL_LZW;
		e1 = gflSaveBitmap("dsc04034.tiff", thebitmap, &sp1);
		if (GFL_NO_ERROR == e1) {
			printf("saved\n");
		} else {
        	printf("error: %d\n", e1);
        }


		// save to mem
		printf("saving to mem\n");
		gflGetDefaultSaveParams(&sp1);
		sp1.FormatIndex = tiff;
		sp1.Compression = GFL_LZW;

		unsigned char* data;
		unsigned long length;
		e1 = gflSaveBitmapIntoMemory(&data, &length, thebitmap, &sp1);
		if (GFL_NO_ERROR == e1) {
			printf("saved %d bytes\n", length);
			gflMemoryFree(data);
			printf("mem freed\n");
		} else {
        	printf("error: %d\n", e1);
		}

        printf("freeing bitmap\n");
        gflFreeBitmap(thebitmap);
        printf("freed\n");

	}

	gflLibraryExit();
}

the result is usually sth like:

Code: Select all

hello
init ok
version: 2.67
version of libformat: 4.77
format index: 2
saving to file
saved
saving to mem
saved 11120367 bytes
mem freed
freeing bitmap
freed

i tried other formats aswell. the results are:

Code: Select all

2304 x 1728, tiff:
disk - 11106543
 mem - 11120367

480 x 640, tiff:
disk - 948768
 mem - 949792

480 x 640, tiff, no lzw:
disk - 922872
 mem - 923896

480 x 640, jpeg:
both same sizes - 37635

png - same sizes...

Oh, I said the program crashes on:

Code: Select all

char u = data[length-1];
printf("%d\n", u);

well this time it didn't, but possibly it depends on the compiler. for this little proggy i used Borland Free CmdLine Tools but previously i was using microsoft's some kind of .NET thing to write managed wrapper for gfl...

[xnview]

Could you send me your test program?

emm.... d'you mean the source? or the executable?
here's the source:

I've tried but have no crash...

[stolarz]

I've tried but have no crash...

Yes, but the sizes in mem and disk differ and it's just a matter of luck if there is a crash or not because of different memory allocating algorithms: your first malloc in a program actually allocates smallest allocable block, like f.e. 0x1000 bytes, so

Code: Select all

char* a = (char*) malloc(0x10);
char b = a[0xfff];

doesn't cause the memory protection fault, but followed by

Code: Select all

char* c = (char*)malloc(0xf00);
char* d = (char*)malloc(0x10);
char e = d[0x100];

may cause errors.

[xnview]

I've tried but have no crash...

Yes, but the sizes in mem and disk differ and it's just a matter of luck if there

Ok, it's a little bug...

is a crash or not because of different memory allocating algorithms: your first malloc in a program actually allocates smallest allocable block, like f.e. 0x1000 bytes, so

Code: Select all

char* a = (char*) malloc(0x10);
char b = a[0xfff];

doesn't cause the memory protection fault, but followed by

Code: Select all

char* c = (char*)malloc(0xf00);
char* d = (char*)malloc(0x10);
char e = d[0x100];

may cause errors.

I can't reproduce the crash Send me a PM with your email, i would like to send you a test version...